package com.github.niefy.config;
import com.github.niefy.modules.sys.oauth2.OAuth2Filter;
import com.github.niefy.modules.sys.oauth2.OAuth2Realm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * Shiro配置
 *
 * @author Mark sunlightcs@gmail.com
 */
@Configuration
public class ShiroConfig {
  @Bean("securityManager")
  public SecurityManager securityManager(OAuth2Realm oAuth2Realm) {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(oAuth2Realm);
    securityManager.setRememberMeManager(null);
    return securityManager;
  }
  @Bean("shiroFilter")
  public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    shiroFilter.setSecurityManager(securityManager);
    //oauth过滤
    Map<String, Filter> filters = new HashMap<>(4);
    filters.put("oauth2", new OAuth2Filter());
    shiroFilter.setFilters(filters);
    Map<String, String> filterMap = new LinkedHashMap<>(8);
    filterMap.put("/sys/login", "anon");
    filterMap.put("/sys/**", "oauth2");
    filterMap.put("/manage/**", "oauth2");
    filterMap.put("/wx/**", "anon");
    filterMap.put("/**", "anon");
    shiroFilter.setFilterChainDefinitionMap(filterMap);
    return shiroFilter;
  }
  @Bean("lifecycleBeanPostProcessor")
  public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
    return new LifecycleBeanPostProcessor();
  }
  @Bean
  public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
    AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
    advisor.setSecurityManager(securityManager);
    return advisor;
  }
}
